IBM DB2 DBADM Privilege Revocation Security Bypass Vulnerability Network Vulnerability

Summary

The host is running IBM DB2 and is prone to security bypass vulnerability.

Impact

Successful exploitation allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority. Impact Level: Application.

Solution

Upgrade to IBM DB2 version 9.1 FP10, 9.5 FP6a, 9.7 FP2 or later, http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053

Insight

The flaw is due to an error in the application while revoking 'DBADM' privileges. This does not restrict users from executing non-DDL statements.

Affected

IBM DB2 version 9.1 before FP10, IBM DB2 version 9.5 before FP6a and IBM DB2 version 9.7 before FP2

References

http://secunia.com/advisories/43148
http://xforce.iss.net/xforce/xfdb/65008
https://www-304.ibm.com/support/docview.wss?uid=swg1IC66814
https://www-304.ibm.com/support/docview.wss?uid=swg1IC66814&crawler=1

Updated on 2017-03-28

Severity

Classification

CVE CVE-2011-0757
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

IBM DB2 DML Statement Execution Remote Privilege Escalation Vulnerability
Oracle MySQL Multiple Unspecified vulnerabilities - 02 May14 (Windows)
IBM solidDB 'SELECT' Statement Denial Of Service Vulnerability
MySQL Unspecified vulnerabilities-05 July-2013 (Windows)
MongoDB nativeHelper Denial of Service Vulnerability

Take action and discover your vulnerabilities